Advisory ID

12767

Release date

20160923

Last Updated

20160923

Issue Severity

None

Source

openssl.org

Release date

20160922

CVSS v2 Base Score

Low

Problem Description

A flaw in the DTLS replay attack protection mechanism means that records arriving for future epochs update the replay protection "window" before the MAC for the record has been validated. An attacker could exploit this by sending a record for the next epoch (which does not have to decrypt or have a valid MAC) with a very large sequence number. All subsequent legitimate packets are then dropped, causing a denial of service for a specific DTLS connection.
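
The ordering problem described above, modelled in C as an added example (not OpenSSL's code and not part of the original advisory). The single window without epochs, the `mac_ok` flag standing in for MAC verification, and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified anti-replay window (constructed model, not OpenSSL code). */
typedef struct { uint64_t max_seq; uint64_t bitmap; } replay_window;

/* Returns 1 if seq is new and inside the window, 0 if replayed or too old. */
static int replay_check(const replay_window *w, uint64_t seq) {
    if (seq > w->max_seq) return 1;
    uint64_t off = w->max_seq - seq;
    if (off >= 64) return 0;
    return !((w->bitmap >> off) & 1);
}

/* Marks seq as seen, sliding the window forward if seq is the new maximum. */
static void replay_update(replay_window *w, uint64_t seq) {
    if (seq <= w->max_seq) { w->bitmap |= UINT64_C(1) << (w->max_seq - seq); return; }
    uint64_t shift = seq - w->max_seq;
    w->bitmap = (shift >= 64 ? 0 : w->bitmap << shift) | 1;
    w->max_seq = seq;
}

/* Returns 1 if the record is accepted. mac_ok stands in for real MAC verification. */
static int process_record(replay_window *w, uint64_t seq, int mac_ok, int verify_first) {
    if (!replay_check(w, seq)) return 0;
    if (!verify_first) replay_update(w, seq); /* flawed order: unauthenticated data moves the window */
    if (!mac_ok) return 0;
    if (verify_first) replay_update(w, seq);  /* corrected order: only authenticated records move it */
    return 1;
}

/* Counts accepted legitimate records when one record with a bad MAC arrives mid-stream. */
static int accepted_after_forgery(int verify_first) {
    replay_window w = {0, 0};
    int accepted = 0;
    accepted += process_record(&w, 1, 1, verify_first);
    accepted += process_record(&w, 2, 1, verify_first);
    process_record(&w, UINT64_C(0xFFFFFFFFFFFF), 0, verify_first); /* constructed: 48-bit maximum */
    for (uint64_t s = 3; s <= 5; s++)
        accepted += process_record(&w, s, 1, verify_first);
    return accepted;
}

int main(void) {
    printf("update before MAC check: %d of 5 accepted\n", accepted_after_forgery(0));
    printf("update after MAC check:  %d of 5 accepted\n", accepted_after_forgery(1));
    return 0;
}
```

With the window updated before the MAC check, the record that fails authentication still advances `max_seq`, so every later legitimate sequence number falls outside the window and is rejected.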

Impact

None.

Affected Products

None - no Foxt products use the DTLS protocol.

Workaround

N/A.

Obtaining Fixed Software

N/A.

External References

OpenSSL Security Advisory










Last Modified On: May 25, 2018